[PR #6595] fix(sdk-py): remove model-type specific custom json encryption annotations & document key preservation limitations #5150

Closed
opened 2026-02-20 17:51:18 -05:00 by yindo · 0 comments
Owner

Original Pull Request: https://github.com/langchain-ai/langgraph/pull/6595

State: closed
Merged: Yes


In langgraph-api, custom-encrypted JSONs need to continue to be SQL-json-mergable after encryption. Previous WIP docs advocated for custom encryption impls where all encrypted kv pairs were shoved into a __encrypted__: $encrypted_kvs meta-key. Turns out that pattern causes data loss when running PATCH-style partial updates or in the many places langgraph-api json-SQL-merges across model types.

This PR contains 2 SDK fixes:

  1. remove model-type specific custom json encryption annotations - these cause surprising behavior as config and context data propagates across model types, specifically because today we can't guarantee that data encrypted as one model-type will be decrypted as the same model-type because kv pairs move across model-types in pure SQL
  2. document limitations and validation around "key preservation" in custom json encryption functions. langgraph-api now validates that custom JSON encryption fns don't change keys. That validation prevents customizers from writing custom encryption functions that cause data loss through patch endpoints and x-model merge propagation.
**Original Pull Request:** https://github.com/langchain-ai/langgraph/pull/6595 **State:** closed **Merged:** Yes --- In langgraph-api, custom-encrypted JSONs need to continue to be SQL-json-mergable after encryption. Previous WIP docs advocated for custom encryption impls where all encrypted kv pairs were shoved into a `__encrypted__: $encrypted_kvs` meta-key. Turns out that pattern causes data loss when running PATCH-style partial updates or in the many places langgraph-api json-SQL-merges across model types. This PR contains 2 SDK fixes: 1. remove model-type specific custom json encryption annotations - these cause surprising behavior as config and context data propagates across model types, specifically because today we can't guarantee that data encrypted as one model-type will be decrypted as the same model-type because kv pairs move across model-types in pure SQL 2. document limitations and validation around "key preservation" in custom json encryption functions. langgraph-api now validates that custom JSON encryption fns don't change keys. That validation prevents customizers from writing custom encryption functions that cause data loss through patch endpoints and x-model merge propagation.
yindo added the pull-request label 2026-02-20 17:51:18 -05:00
yindo closed this issue 2026-02-20 17:51:18 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: langchain-ai/langgraph#5150